Survey finds that adults are overconfident about cyber security

I’m usually the first person to tell folks to relax or at least re-focus when it comes to being afraid. We live in a society with too many fears about all sorts of things. Of course it’s possible that we could be affected by a terror attack or that our children could be abducted by a stranger they meet online or that we come down with a rare and exotic disease, but it’s statistically unlikely. We’re better off focusing on more common and controllable things such as washing our hands to avoid catching a cold or vaccinating our children. But when it comes to cyber security, we seem to have the opposite problem. A study just released in support of National Cyber Security Awareness Month (October) by the National Cyber Security Alliance (NCSA) and security firm ESET found that even though one in five American homes received a data breach notification last year and more than 50 percent of those received multiple notifications, most people feel pretty safe when it comes to a variety of online threats.

People feel more secure than they are

For example, when asked how confident they are that their home network and the Internet-connected devices in the home are secure, 79 percent responded that they felt safe, on a scale of 1-5. Nearly half (49 percent) felt strongly and very confident while 30 percent felt confident.

But the survey also found that 40 percent of respondents haven’t or don’t know if they have ever changed the default username and password of their router while 60 percent say they haven’t changed the router’s password in the last year.

Router passwords

The routers that control how devices are connected to your home network often come with incredibly weak and common user names and passwords (like “admin.”). On several occasions I’ve helped friends change their WiFi passwords, which requires accessing their router and even though they almost never know their router username and password, I can usually figure it out and I’m by no means a skilled hacker. If someone can break into your router, they can change your WiFi passwords and access any devices on your network.

And we’re not just talking about PCs anymore. Two-thirds (67 percent) said they have one to five devices while 30 percent have six or more. And 20 percent of those asked said they use a mobile device to access something in their home such as a door lock, security camera or an appliance. That number will grow significantly over the next few years as “Internet of Things” gadgets proliferate.

As many people know, passwords can be hacked, which is why security experts recommend “two-factor” or “multi-factor” authentication such as setting up your phone to receive a text message with a special code if you’re logging into an account from a device for the first time. It’s more secure because it requires you to know both the password and have the phone with you (something the hacker won’t have) — similar to why debit cards are reasonably secure because you need both the physical card and the PIN number.

Two-factor authentication

The good news is that a majority (58 percent) said they use two-factor authentication with email and 78 percent use it for banking but only 29 percent use it for social networking or online retail websites like Amazon. But even the “good” news isn’t all that good when you consider that 42 percent of email users and 22 percent of online banking users are not taking advantage of two-factor authentication.

I was unpleasantly surprised by the survey’s finding that only 41 percent of parents say that they don’t allow their children to share passwords with friends. That number needs to get to 100 percent. Sharing passwords — even with best friends — can be a recipe for disaster since a friend can sometimes become an ex-friend.

I was also disappointed to see that only 33 percent of families have a “device free dinnertime rule.” I’m increasingly convinced that spending quality time together at dinner is one of the most important things a family can do. The only devices kids and parents should be handling during dinner are their eating utensils, and a stylus doesn’t count as a chop stick.

The study found that 59 percent of parents don’t require permission before their child can download a new app, join a social network to play a new game and that 75 percent have no rules about their kids using devices in their bedrooms after a certain time. I’m a big believer in having a central place in the household where everyone charges their phones at bedtime — and don’t accept the excuse that they use their phone as an alarm clock. A quick search on Amazon will find alarm clocks starting at under $5.

The study, conducted by Zogby Analytics, involved interviews with 1,433 adults with a margin of error of 2.6 percentage points.

Stop Think Connect

After reading the survey report, I’m not preaching fear. That doesn’t help. But taking reasonable precautions does help. I’m a big fan of the Stop Think Connect campaign because it’s not suggesting we be afraid or hold back, but that we simply stop and think and then connect.